Glossary of Security Terms: Cross-Site Scripting

Glossary of Security Terms: Cross-Site Scripting

Cross-site scripting (XSS) is a security exploit which allows an attacker to inject into a website malicious client-side code. This code is executed by the victims and lets the attackers bypass access controls and impersonate users.

Cross-site scripting (XSS) is a security exploit which allows an attacker to inject into a website malicious client-side code. This code is executed by the victims and lets the attackers bypass access controls and impersonate users. According to the Open Web Application Security Project, XSS was the seventh most common Web app vulnerability in 2017.

These attacks succeed if the Web app does not employ enough validation or encoding. The user's browser cannot detect the malicious script is untrustworthy, and so gives it access to any cookies, session tokens, or other sensitive site-specific information, or lets the malicious script rewrite the HTML content.

Learn more

General knowledge

beginners security-terms mozilla password-protection backend web-development security cross-site-scripting

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

Glossary of Security Terms: Ciphertext

In cryptography, a ciphertext is a scrambled message that conveys information but is not legible unless decrypted with the right cipher and the right secret (usually a key), reproducing the original cleartext. A ciphertext's security, and therefore the secrecy of the contained information, depends on using a secure cipher and keeping the key secret.

Glossary of Security Terms: CORS

CORS is a system, consisting of transmitting HTTP headers, that determines whether browsers block frontend JavaScript code from accessing responses for cross-origin requests.

Glossary of Security Terms: Challenge-Response Authentication

In security protocols, a challenge is some data sent to the client by the server in order to generate a different response each time. Challenge-response protocols are one way to fight against replay attacks where an attacker listens to the previous messages and resends them at a later time to get the same credentials as the original message.

Glossary of Security Terms: Cipher Suite

A cipher suite is a combination of a key exchange algorithm, authentication method, bulk encryption cipher, and message authentication code.

Glossary of Security Terms: Certificate Authority

A certificate authority (CA) is an organization that signs digital certificates and their associated public keys. This certifies that an organization that requested a digital certificate (e.g., Mozilla Corporation) is authorized to request a certificate for the subject named in the certificate (e.g., mozilla.org).